dot11decrypt_util: Avoid abusing memory layout

Instead of using a single memcpy which relies upon struct members being in contiguous memory, use three separate calls to memcpy. This fixes Coverity 1460754.
author: Moshe Kaplan <me@moshekaplan.com> 2020-12-09 22:54:42 -0500
committer: Moshe Kaplan <me@moshekaplan.com> 2020-12-09 22:54:42 -0500
commit: 08a87f3e4c46afa7ca3d52c695be3113adb4b2b7 (patch)
tree: 5937f41df328b0a985eb736d53b4f1382b3b4b36 /epan/crypt
parent: 86e23155fef6d8ed0e3c34c40281eada1cd7945c (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/epan/crypt/dot11decrypt_util.c b/epan/crypt/dot11decrypt_util.c
index ee21a09045..40801d5c85 100644
--- a/epan/crypt/dot11decrypt_util.c
+++ b/epan/crypt/dot11decrypt_util.c
@@ -55,8 +55,9 @@ void dot11decrypt_construct_aad(
 		aad[0] = wh->fc[0];
 	}
 	aad[1] = (UINT8)(wh->fc[1] & FC1_AAD_MASK);
-	/* NB: we know 3 addresses are contiguous */
-	memcpy(aad + 2, (guint8 *)wh->addr1, 3 * DOT11DECRYPT_MAC_LEN);
+	memcpy(aad + 2, (guint8 *)wh->addr1, DOT11DECRYPT_MAC_LEN);
+	memcpy(aad + 8, (guint8 *)wh->addr2, DOT11DECRYPT_MAC_LEN);
+	memcpy(aad + 14, (guint8 *)wh->addr3, DOT11DECRYPT_MAC_LEN);
 	aad[20] = (UINT8)(wh->seq[0] & DOT11DECRYPT_SEQ_FRAG_MASK);
 	aad[21] = 0; /* all bits masked */
author	Moshe Kaplan <me@moshekaplan.com>	2020-12-09 22:54:42 -0500
committer	Moshe Kaplan <me@moshekaplan.com>	2020-12-09 22:54:42 -0500
commit	08a87f3e4c46afa7ca3d52c695be3113adb4b2b7 (patch)
tree	5937f41df328b0a985eb736d53b4f1382b3b4b36 /epan/crypt
parent	86e23155fef6d8ed0e3c34c40281eada1cd7945c (diff)